Re: [openpgp] New fingerprint: which hash algo
Phillip Hallam-Baker <phill@hallambaker.com> Fri, 23 October 2015 18:01 UTC
On Mon, Oct 12, 2015 at 8:46 AM, Daniel A. Nagy <nagydani@epointsystem.org> wrote:
> Hello,
>
> Now that SHA1 is on the brink of being broken, I believe that all
> Merkle–Damgård hashes should be avoided in new designs. Keccak (SHA-3)
> is just better in so many ways.
>
> Daniel

The consensus among folk who followed the SHA-3 competition more closely than I did was that they came to understand a lot more about SHA-2 and were much more confident about it as a result.

The strong consensus is that every application requiring a digest should require either SHA-2 or SHA-3 and strongly recommend BOTH.

SHA-3 is a newer construction and has been chosen so that it is highly unlikely that a single attack would defeat both. But it is not considered 'more secure'. It is different but that only gives you an advantage if you use both so that you can make use of the diversity.

We stopped using MD5 very quickly. Most people had dropped it before the attack was widely known. That was possible because SSL 2.0 had required the use of MD5 and SHA-1 to construct the MAC. So the transition was painless.

It took the platform providers much longer to support SHA2 and when they did they refused to support any mechanism that would make it easy to manage the transition.

Due to the way OpenPGP works, it is not possible to have a recommended algorithm for fingerprints. Every client has to be able to process any recommended algorithm, so recommended means 'mandatory to accept'. But there should definitely be two algorithms to choose from.

That is why I use the first octet in UDF to serve as an algorithm flag. It is precisely so that we can adapt if the need should arise. We can argue as to whether we need 8 bits or could survive with 5 or even one. But if you want to do the job properly you need to have an identifier.

The other part of UDF is constructed so that it is possible to use the same support infrastructure for both OpenPGP fingerprints and SSH fingerprints without any risk of unfortunate interactions.
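
The following is an added illustration, not part of the original message and not the UDF specification's own encoding: a fingerprint whose first octet names the digest algorithm, with a verifier that treats every listed algorithm as mandatory to accept and rejects unknown flags. The identifier values, the 20-octet truncation, the base32 grouping and the sample key bytes are all assumptions made for the example.

```python
import base64
import hashlib
import hmac

# Hypothetical algorithm identifiers for this example only; these are NOT
# the values assigned by UDF or by any OpenPGP specification.
ALGORITHMS = {
    0x01: hashlib.sha512,    # SHA-2 family
    0x02: hashlib.sha3_512,  # SHA-3 family
}
TRUNCATE = 20  # digest octets kept after the flag octet (assumed length)

# Constructed sample input standing in for serialized public key material.
SAMPLE_KEY = b"constructed sample public key packet"


def fingerprint(alg_id: int, key_material: bytes) -> str:
    """Return base32(flag octet || truncated digest), grouped for reading."""
    digest = ALGORITHMS[alg_id](key_material).digest()[:TRUNCATE]
    text = base64.b32encode(bytes([alg_id]) + digest).decode().rstrip("=")
    return "-".join(text[i:i + 5] for i in range(0, len(text), 5))


def verify(fp: str, key_material: bytes) -> bool:
    """Check key material against a fingerprint, dispatching on its flag octet."""
    text = fp.replace("-", "").upper()
    try:
        raw = base64.b32decode(text + "=" * (-len(text) % 8))
    except ValueError:
        return False  # not valid base32
    if len(raw) != 1 + TRUNCATE or raw[0] not in ALGORITHMS:
        return False  # unknown flag or wrong length: reject, never guess a default
    expected = ALGORITHMS[raw[0]](key_material).digest()[:TRUNCATE]
    return hmac.compare_digest(raw[1:], expected)


if __name__ == "__main__":
    for alg in sorted(ALGORITHMS):
        fp = fingerprint(alg, SAMPLE_KEY)
        print(f"flag 0x{alg:02x}: {fp} verifies={verify(fp, SAMPLE_KEY)}")
```

Because the flag travels inside the fingerprint, a verifier can accept both families at once, and retiring one later means deleting its entry from the table rather than changing the fingerprint format.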